Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-09-27 CVE-2024-9280 Unrestricted Upload of File with Dangerous Type vulnerability in Kvf-Admin Project Kvf-Admin 20220212
A vulnerability has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff and classified as critical.
network
low complexity
kvf-admin-project CWE-434
critical
9.8
2024-09-26 CVE-2024-46628 OS Command Injection vulnerability in Tendacn G3 Firmware 15.03.05.05
Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function.
network
low complexity
tendacn CWE-78
critical
9.8
2024-09-26 CVE-2024-7108 Incorrect Authorization vulnerability in Nationalkeep Cybermath 1.4
Incorrect Authorization vulnerability in National Keep Cyber Security Services CyberMath allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects CyberMath: before CYBM.240816253.
network
low complexity
nationalkeep CWE-863
critical
9.8
2024-09-26 CVE-2024-7772 Unrestricted Upload of File with Dangerous Type vulnerability in Artbees Jupiter X Core
The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file uploads due to a mishandled file type validation in the 'validate' function in all versions up to, and including, 4.6.5.
network
low complexity
artbees CWE-434
critical
9.8
2024-09-26 CVE-2024-7781 Missing Authentication for Critical Function vulnerability in Artbees Jupiter X Core
The Jupiter X Core plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.7.5.
network
low complexity
artbees CWE-306
critical
9.8
2024-09-25 CVE-2024-20510 Incorrect Authorization vulnerability in Cisco IOS XE
A vulnerability in the Central Web Authentication (CWA) feature of Cisco IOS XE Software for Wireless Controllers could allow an unauthenticated, adjacent attacker to bypass the pre-authentication access control list (ACL), which could allow access to network resources before user authentication. This vulnerability is due to a logic error when activating the pre-authentication ACL that is received from the authentication, authorization, and accounting (AAA) server.
low complexity
cisco CWE-863
critical
9.3
2024-09-25 CVE-2024-47078 Incorrect Authorization vulnerability in Meshtastic Firmware
Meshtastic is an open source, off-grid, decentralized, mesh network.
network
low complexity
meshtastic CWE-863
critical
9.8
2024-09-25 CVE-2024-7575 Command Injection vulnerability in Telerik UI for WPF
In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements.
network
low complexity
telerik CWE-77
critical
9.8
2024-09-25 CVE-2024-7576 Deserialization of Untrusted Data vulnerability in Telerik UI for WPF
In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is possible through an insecure deserialization vulnerability.
network
low complexity
telerik CWE-502
critical
9.8
2024-09-25 CVE-2024-6592 Incorrect Authorization vulnerability in Watchguard Authentication Gateway and Single Sign-On Client
Incorrect Authorization vulnerability in the protocol communication between the WatchGuard Authentication Gateway (aka Single Sign-On Agent) on Windows and the WatchGuard Single Sign-On Client on Windows and MacOS allows Authentication Bypass. This issue affects the Authentication Gateway: through 12.10.2; Windows Single Sign-On Client: through 12.7; MacOS Single Sign-On Client: through 12.5.4.
network
low complexity
watchguard CWE-863
critical
9.1